Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) is an additional layer of security for the Infinity Portal. When 2FA is required, Infinity Portal users must use an authentication app or SMS code to confirm their identities before they get access to the Infinity Portal.
For information about 2FA for Managed Security Service Provider (MSSP)/Distributor child accounts, see Manage Accounts.
An organization can configure and manage 2FA as part of Single Sign-On (SSO) with an Identity Provider (IdP). For example, an organization requires 2FA as part of user authentication through Microsoft Entra ID (formerly Azure AD). Infinity Portal users who log in through Microsoft Entra ID authenticate themselves with 2FA according to the policy configured by the organization's Microsoft Entra ID administrator.
Creating and Editing 2FA Configurations for Your User Account
- In the Infinity Portal, open the Profile Settings page. In the upper-right corner:
  - Click the user name, or
  - Click the arrow next to the user name > Profile Settings.
  The Profile Settings window opens.
- Verify your mobile phone number for 2FA:
  - In the Phone field, enter your mobile phone number.
  - Click Send code.
    Check Point sends an SMS to your phone with a six-digit code.
  - Enter the code in the Enter Code field.
  - Click Verify.
Download one of these authenticator applications to your mobile phone:
-
Google Authentication
-
Microsoft Authenticator
-
Authy
-
-
In the Infinity Portal, open the Profile Settings page. In the upper-right corner:
-
Click the user name, or
-
Click the arrow next to the user name > Profile Settings.
The Profile Settings window opens.
-
-
Toggle the Two-factor Authentication (2FA) switch to ON.
The Two-Factor Authentication (2FA) configuration wizard window opens.
-
Follow the on-screen instructions to connect the authentication app to the Infinity Portal.
Note - If you did not verify your phone number in the Profile Settings window, you must verify it in the Two-Factor Authentication (2FA) configuration wizard.
-
If you want to require yourself to use 2FA for all Infinity Portal accounts, keep the toggle on. If you want to use 2FA only when required by a Primary Administrator of an account, switch the toggle to OFF.
-
Click Finish to close the wizard.
You can require yourself to use 2FA every time you log in to the Infinity Portal, even when the Global Administrator of the Infinity Portal account does not require 2FA.
Use Case: A security administrator works for a Check Point MSSP to manage child accounts. One of the MSSP's customers does not require its own security administrators to use 2FA. The MSSP's corporate policy requires 2FA for all Infinity Portal logins.
Procedure
- In the Infinity Portal, open the Profile Settings page. In the upper-right corner:
  - Click the user name, or
  - Click the arrow next to the user name > Profile Settings.
  The Profile Settings window opens.
- Toggle the Two-factor Authentication (2FA) switch to ON.
  If you do not have an authentication app configured, the Two-Factor Authentication (2FA) configuration wizard window opens. Follow the steps in the wizard to configure an authentication app or to require 2FA through SMS.
  Note - If you did not verify your phone number in the Profile Settings window, you must verify it in the Two-Factor Authentication (2FA) configuration wizard.
- Click Finish.
Viewing and Resetting a User's 2FA Configuration
An Infinity Portal Primary Administrator, Admin, or User Admin can view and reset a user's 2FA configuration.
In the Infinity Portal, click > Users.
The 2FA configured column of the table shows one of these 2FA configurations for each user:
| Icon | 2FA Configuration |
|---|---|
| | The user does not have 2FA configured. |
| By app | The user has 2FA configured with an authenticator app. |
| By phone | The user has 2FA configured with SMS. |
| App and phone | The user has 2FA configured with an authenticator app and with SMS. |
The 2FA table row shows you the 2FA authentication method(s) that the user configured for himself in Profile Settings. This table row is not related to the 2FA enforcement policy for the tenant.
Reset a user's phone number in these scenarios:
- The user gets a new phone with a new number.
- The user's phone is lost or stolen.
- The user has a problem using 2FA with SMS.
Procedure
- In the Infinity Portal, click > Users.
- Click the table row with the name of the user.
- Click Edit.
  The Edit User window opens.
- In the Phone number field, enter a phone number for the user.
- Click Save.
Reset an authentication app for a user when the user gets a new phone (with the same phone number) or has a problem with the app.
After the reset, if 2FA is required for account login, Check Point sends an SMS with an authentication code to the user's verified phone number. Then, the user can log in to the Infinity Portal and create a new authenticator app configuration (see Verify your phone number for the Infinity Portal to use for 2FA through SMS).
Procedure
- In the Infinity Portal, click > Users.
  The 2FA configured column of the table shows one of these 2FA configurations for each user:

  | Icon | 2FA Configuration |
  |---|---|
  | | The user does not have 2FA configured. |
  | By app | The user has 2FA configured with an authenticator app. |
  | By phone | The user has 2FA configured with SMS. |
  | App and phone | The user has 2FA configured with an authenticator app and with SMS. |

- Select a user from the table and click Reset 2FA.
- To see updated user information, click Refresh.
Enforcing 2FA Policy for All Users
A Primary Administrator can set a 2FA policy for all users who log in to the Infinity Portal account.
2FA enforcement settings in the Identity & Access page apply to all users of this Infinity Portal account. Only a Primary Administrator can change these settings.
- In the Infinity Portal, click > Identity & Access.
- In the Two-Factor Authentication (2FA) section, select when to enforce 2FA:
  - Enforce Two-Factor Authentication for every login to this account - Users must use 2FA to log in with username and password and for login with SSO through an Identity Provider (IdP).
  - Enforce Two-Factor Authentication for login with username and password - This option is selected by default.
  A confirmation window opens.
- In the confirmation window, click Enforce.